Active Directory® to G Suite™ Syncing: Three Ways to Make It Happen

By Stephanie DeCamp Posted November 18, 2019

Google started 2019 with more than five million businesses using G Suite™, making its value as a resource undeniable. But sysadmins face a significant challenge in managing user access to it (and to other IT resources, including systems, servers, web applications, and more), all while keeping their IT environment secure. And if an enterprise already leverages Microsoft® Active Directory® (AD) as its core identity provider (IdP) while also offering G Suite to its employees, it will likely consider syncing the two for security and productivity purposes.

The GCDS Approach

Traditionally, syncing AD with G Suite has required Google Cloud Directory Sync™ (GCDS) and G Suite Password Sync (GSPS). This isn’t a simple fix though, as it calls for a dedicated server and integration management, meaning more work for IT admins.

For example, neither GCDS nor GSPS is bidirectional with AD, so the tools can sync password changes and the like from AD to G Suite, but not the other way around. Plus, if an IT admin has already eliminated their Exchange server in favor of G Suite, chances are they’ll be reluctant to take another one on. Furthermore, GCDS (formerly known as GADS, Google Apps Directory Sync) bridges AD identities only to G Suite, and not to additional platforms such as AWS®, macOS®, Linux®, or other web applications.

The SSO Approach

Another approach is to bridge G Suite to AD with a single sign-on (SSO) solution. Using an SSO service can take much of the work out of the integration, for example by eliminating the need for a GCDS server.

While SSO solutions connect users to web applications like Salesforce® (and in this case, extend AD to G Suite) using one set of credentials, those credentials don’t then extend to device authentication (Windows, macOS, Linux) or management. Also, SSO apps tend to focus on the SAML protocol, but not always on LDAP, so integrating something like G Suite with on-prem, legacy servers and apps isn’t always an option, even though (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Stephanie DeCamp. Read the original post at: